Digital supply chain management, such as digital rights management, faces some unique challenges. For example, digital rights management can include transactions of digital rights relating to device functionality and capability usages (e.g., application module usage or hardware module usage) and electronic services. The digital rights can grant a specific use of an application, a device, or a service enabling participation or engagement in a digital activity on a computing device. In these cases, the sellers of the transactions are publishers, who control and/or restrict access to the application modules, the hardware modules, and/or the services. What is being sold in a transaction of digital right can be referred to as a “license.” For example, the license can be embodied as a digital string used to verify grant of the digital rights and unlock certain functionalities protected by a device kernel.
Conventional digital rights management utilizes a centralized manager system controlled by a vendor/publisher of the licenses to communicate with any device that uses the license. In turn, each of these devices implements a control kernel that restricts access to its one or more of applications, services, or functionalities unless a verifiable license indicating a relevant digital right is presented to the control kernel. The publisher of the applications, services, or functionalities can sell and distribute licenses directly or indirectly to customers. The licenses can then serve as keys to the usage of the applications, services, or functionalities. The control kernels can validate the key periodically with the centralized manager system.
An enterprise customer can have a license server that stores licenses in a trusted storage (TS), where each license can grant a computing device some form of digital access. Because licenses in the trusted storage are valuable, the enterprise customer must back up data in the TS periodically to ensure that in case of a catastrophic failure of the computing device, the licenses are not lost forever. However, the enterprise customers cannot always return the computing device to a state before the failure has occurred. Even in the situation where the enterprise does restore the TS from backup, if the failed computing device is not brought back in a form which is identical to its prior configuration, the issuers of the licenses still cannot trust the revised TS absent some form of intervention. This dilemma impairs the robustness of the license management system, causing either the issuers of the licenses to take risk in trusting the recovered computing device or the customers to take risk in possibly losing purchased licenses in the event of device failures. Thus, the conventional architecture for a license management system cannot always be trusted during device failure events.